Web 2.0 technology provides a convenient way to post videos online, keep up with old friends on social networks, and even surf comfortably from your web browser. But if applications are poorly designed or misconfigured, certain flaws can be exploited. One such flaw, known as CSRF, allows an attacker to use a legitimate user's session to make unauthorized requests to the server.
Cross-Site Request Forgery (CSRF) is a type of attack that abuses the trust a web application places in an authenticated user: the victim's browser is made to send unwanted requests on the attacker's behalf. Since CSRF does not return any response to the attacker, it is said to affect only state-changing requests, such as the transfer of funds, the purchase of an item without the victim's knowledge, or the modification of user credentials. CSRF (sometimes pronounced "sea-surf") is also referred to as XSRF, Session Riding, or One-Click Attack.
A CSRF attack is usually accomplished by tricking the victim into opening a malicious file via social engineering or phishing. If the application is vulnerable, the function the attacker intended is executed as soon as the user opens the file. In some cases, the attack can be carried out as a "stored CSRF," in which the malicious request is embedded in an image tag or a hidden form on the web page. This type of CSRF is considered much more dangerous, since the number of potential victims increases and the payload is now hosted on a legitimate site.
Step 1: Prepare for the Attack
We will use DVWA, a deliberately vulnerable web application with common security vulnerabilities, to test our attack. Start it and log in with the default credentials, admin and password. Now go to "DVWA Security" on the left and set the security level to low; this allows us to carry out our attack successfully.
Then click the CSRF tab to access the Cross-Site Request Forgery section. We can see that there is a password change feature on this page:
Right-click anywhere on this page and view the page source. Scroll down and find the following HTML form:
Copy this HTML code and use nano to create a new file in the terminal. To make this a little more realistic, we need to change the method to POST. Forms such as these rarely use a GET request because, among other things, GET exposes the parameters directly in the URL, which is inappropriate for sensitive data such as passwords.
Press Ctrl-X, then Y, then Enter to save. Now we can open this file in the browser by double-clicking it, and it should look exactly like the form we saw earlier:
Next, we can use the onload attribute so that a function is executed when the page loads. We can then set a new value in the password and password-confirmation fields and hide those fields. Finally, replace the number sign (#) with the correct URL; when this page is loaded, the password is changed.
Step 3: Change the admin password
Now we are ready to carry out our attack, which can be delivered in various ways with the help of social engineering or phishing techniques. All we have to do is get the victim to load this page. For example, we can use a URL shortener such as Bitly or Goo.gl to disguise the link.
To show that this was successful, you can use the browser's "Inspect Element" tool to view the POST request after the page has loaded. We can see that the parameters contain the new password we created earlier. (Image: How To Manipulate User Credentials With A CSRF Attack)
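As an added example (not part of the original tutorial and not DVWA's own code), the following Python model shows why the low-security password-change handler accepts the forged POST described above, and how the synchronizer-token pattern combined with an Origin header check stops it. The session cookie name, the form field names (password_new, password_conf, user_token), the site origin and the sample requests are all assumptions constructed for this illustration.

```python
"""
Toy model of a password-change endpoint, written for this page (not DVWA's
code): the vulnerable handler accepts any POST that carries a valid session
cookie, the protected handler additionally demands a per-session CSRF token
and a matching Origin header. All names and values are constructed.
"""
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "http://dvwa.local"   # assumed origin of the protected application


@dataclass
class Request:
    """Minimal stand-in for an HTTP POST: cookies, form fields, request headers."""
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


# Server-side state: session id -> {"user": ..., "csrf_token": ...}
SESSIONS = {}
USERS = {"admin": "password"}        # DVWA default credentials


def login(user):
    """Create a session and mint a random, per-session CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def change_password_vulnerable(req):
    """Low-security handler: the browser attaches the cookie automatically, so a
    forged form submitted from any site is indistinguishable from a real one."""
    sess = SESSIONS.get(req.cookies.get("PHPSESSID"))
    if sess is None:
        return "not logged in"
    if req.form.get("password_new") != req.form.get("password_conf"):
        return "passwords do not match"
    USERS[sess["user"]] = req.form["password_new"]
    return "password changed"


def change_password_protected(req):
    """Hardened handler: same logic, but the POST must prove it came from our page."""
    sess = SESSIONS.get(req.cookies.get("PHPSESSID"))
    if sess is None:
        return "not logged in"
    # 1. Origin check: a form auto-submitted from another site carries that site's
    #    Origin. A missing Origin is tolerated only because the token check follows.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "rejected: cross-origin request"
    # 2. Synchronizer token: the attacker cannot read the victim's token (same-origin
    #    policy), so the forged form cannot include it. Constant-time comparison.
    token = req.form.get("user_token", "")
    if not hmac.compare_digest(token.encode(), sess["csrf_token"].encode()):
        return "rejected: missing or invalid CSRF token"
    if req.form.get("password_new") != req.form.get("password_conf"):
        return "passwords do not match"
    USERS[sess["user"]] = req.form["password_new"]
    return "password changed"


def demo():
    """Run one forged and one legitimate request through both handlers."""
    sid = login("admin")
    # Constructed forged POST: the attacker's hidden, auto-submitting form, sent by
    # the victim's browser together with the victim's session cookie.
    forged = Request(cookies={"PHPSESSID": sid},
                     form={"password_new": "hacked", "password_conf": "hacked"},
                     headers={"Origin": "http://attacker.example"})
    # Constructed legitimate POST: submitted from the site's own form, which
    # embeds the session's token as a hidden field.
    legit = Request(cookies={"PHPSESSID": sid},
                    form={"password_new": "newpass", "password_conf": "newpass",
                          "user_token": SESSIONS[sid]["csrf_token"]},
                    headers={"Origin": SITE_ORIGIN})
    results = {
        "vulnerable_forged": change_password_vulnerable(forged),
        "protected_forged": change_password_protected(forged),
        "protected_legit": change_password_protected(legit),
    }
    return results, USERS["admin"]


if __name__ == "__main__":
    for name, outcome in demo()[0].items():
        print(f"{name}: {outcome}")
```

The Origin check alone is not enough (older clients or privacy tools may strip the header), and the token alone still relies on the application never leaking it, so the two are layered. Marking the session cookie SameSite=Lax or Strict is a third, browser-enforced layer that keeps the cookie off cross-site POSTs in the first place.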